Yow-Hann Lee - Software Happens

All things Computer Science, .NET & WWW


XSSDetect can be downloaded at: http://www.microsoft.com/downloads/details.aspx?FamilyID=19a9e348-bdb9-45b3-a1b7-44ccdcb7cfbe&displaylang=en

A couple of findings so far:

1. Do not try this when you're opening large solutions or are low on memory. If you do have a large solution with countless project files, you can remove the non-web projects from the targets list. However, this still does not resolve the issue and Visual Studio will consistently crash when XSSDetect attempts to analyze.
Amount of available memory: x
Amount of memory required: x

2. To test the accuracy of its code analysis, I removed some untrusted input handling. For querystring input, you then come across tips such as "Use the Anti-XSS library to properly encode the data before rendering it". No, this is not a plug insisting that you MUST download and use Microsoft's Anti-Cross Site Scripting Library V1.5. In this particular case, you can re-add Server.HtmlEncode (via HttpUtility) to achieve the same effect and clear these high-confidence errors. Note that the AntiXSS implementation is just a touch different.
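As an added example (not code from the original post), here is the pattern XSSDetect flags beside the fix the post describes: the querystring value is passed through HttpUtility.HtmlEncode before it is written into the page. The method names and the sample input are constructed for illustration.

```csharp
// Added example, not from the original post: the "before" (unencoded querystring
// value rendered into markup) next to the "after" (HttpUtility.HtmlEncode applied).
// Method names and the sample input are constructed for this illustration.
using System;
using System.Web; // HttpUtility; System.Web.dll on the .NET Framework

static class QueryStringRendering
{
    // "Before": the untrusted querystring value is concatenated straight into
    // the response. This is the kind of sink the analyzer reports.
    public static string RenderUnsafe(string nameFromQueryString)
    {
        return "<p>Hello, " + nameFromQueryString + "</p>";
    }

    // "After": the same output, with the value HTML-encoded first.
    // Server.HtmlEncode inside a page forwards to HttpUtility.HtmlEncode,
    // so either call removes this finding.
    public static string RenderEncoded(string nameFromQueryString)
    {
        return "<p>Hello, " + HttpUtility.HtmlEncode(nameFromQueryString) + "</p>";
    }

    static void Main()
    {
        // Constructed sample of what a browser could send as ?name=...
        string untrusted = "<script>alert(1)</script>";

        Console.WriteLine("Unencoded: " + RenderUnsafe(untrusted));
        Console.WriteLine("Encoded:   " + RenderEncoded(untrusted));
    }
}
```

Running it shows the encoded line with the angle brackets turned into `&lt;` and `&gt;`, so the browser displays the text instead of executing it. HttpUtility.HtmlEncode works from a short list of characters to escape (`<`, `>`, `&`, `"`, plus `'` in later framework versions), whereas the AntiXSS library encodes everything that is not on an explicit safe list; that is the "touch different" behaviour the post mentions, and it is why the two are not byte-for-byte interchangeable even though both clear this particular finding.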


This tool definitely shows potential; unfortunately, you only get 60 days to play around with it as it has a short expiration date.


posted on Tuesday, November 20, 2007 11:43 PM